firewalld entries to allow local LAN access to an httpd server on a QEMU Linux guest on a Fedora 25 host

Time: 2017-12-10 11:24:17

Tags: linux routing virtual-machine firewalld

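I have a Fedora 26 QEMU guest VM with a LAMP application, running on a Fedora 25 host. I can access the guest's web server from both the guest and the host, but I can't access it from other systems on the local LAN, which I'd like to be able to do.

I put a static host route entry in the router (LEDE) that routes the F26 guest's static IPv4 address (192.168.122.186) to the F25 host. The F25 host already has a network route entry (192.168.122.0/24) for the virbr0 v interface.

It seems the F25 host firewall is blocking the access, because when I disable firewalld on the F25 host it works as desired.

I'd appreciate pointers on how to wrangle firewalld in this configuration.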

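Edit 2017/12/11:

I started with only one firewalld zone (public), but now I'm trying two (public and internal). The (ports) shown under "services" below have been open all along. In particular, http and https are the ones I need to work.

I need traffic from devices on the local LAN 10.3.2.0/24 (other than the F25 host, of course) to be routed through the F25 host to the F26 guest VM. As I wrote before, the routing appears to work correctly unless firewalld is running on the F25 host, in which case this traffic is blocked.

I've spent a lot of time searching, and there are two recurring themes: forwarding and masquerading. However, nothing that was suggested has achieved what I need.

How do I do this? TX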

========== running: firewall-cmd --get-zones ===========
FedoraServer FedoraWorkstation block dmz drop external home internal public trusted work
========== running: firewall-cmd --get-active-zones ===========
internal
  interfaces: virbr0
public
  interfaces: enp0s31f6
========== running: firewall-cmd --get-default-zone ===========
public
========== running: firewall-cmd --zone=public --list-all ===========
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s31f6
  sources:
  services: mdns ssh dhcpv6-client http https
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

========== running: firewall-cmd --zone=internal --list-all ===========
internal (active)
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: virbr0
  sources:
  services: ssh http https dhcpv6-client mdns
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

$ ifconfig -a # on the F25 host
enp0s31f6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.3.2.10  netmask 255.255.255.0  broadcast 10.3.2.255
        inet6 xxxxxxxxxxxxxxxxxxxxxxxxx  prefixlen 64  scopeid 0x20<link>
        inet6 xxxxxxxxxxxxxxxxxxx  prefixlen 128  scopeid 0x0<global>
        inet6 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  prefixlen 64  scopeid 0x0<global>
        ether xxxxxxxxxxxxxxxxx  txqueuelen 1000  (Ethernet)
        RX packets 145  bytes 16680 (16.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 217  bytes 27947 (27.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 16  memory 0xf7000000-f7020000

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 24  bytes 2056 (2.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 24  bytes 2056 (2.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        ether 52:54:00:93:ae:d3  txqueuelen 1000  (Ethernet)
        RX packets 99  bytes 11189 (10.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 73  bytes 9612 (9.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0-nic: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 52:54:00:93:ae:d3  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vnet0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::fc54:ff:fe7c:437c  prefixlen 64  scopeid 0x20<link>
        ether fe:54:00:7c:43:7c  txqueuelen 1000  (Ethernet)
        RX packets 99  bytes 12575 (12.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 195  bytes 17988 (17.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

$ netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.3.2.1        0.0.0.0         UG        0 0          0 enp0s31f6
10.3.2.0        0.0.0.0         255.255.255.0   U         0 0          0 enp0s31f6
192.168.122.0   0.0.0.0         255.255.255.0   U         0 0          0 virbr0

0 answers:

No answers